UAT-5918 Targets Critical Infrastructure Entities in Taiwan

    Date: 03/21/2025

    Severity: Medium

    Summary

    UAT-5918 is an advanced persistent threat (APT) group targeting entities in Taiwan, aiming to establish long-term access by exploiting N-day vulnerabilities in unpatched web and application servers. The group uses a range of open-source tools for network reconnaissance and manual post-compromise activities, primarily focused on information theft. They deploy web shells, harvest credentials, create administrative accounts, and use RDP for lateral movement. Key tools include FRPC, Mimikatz, and Impacket, with a focus on compromising critical infrastructure in Taiwan.

    Indicators of Compromise (IOC) List

    Hash

    09cea8aed5c58c446e6ef4d9bb83f7b5d7ba7b7c89d4164f397d378832722b69

    b7690c0fc9ec32e1a54663a2e5581e6260fe9318a565a475ee8a56c0638f38d0

    7ef22bfb6b2b2d23fe026bdfd7d2304427b6b62c6f9643efeddb4820ebf865af

    f4ea99dc41cb7922d01955eef9303ec3a24b88c3318138855346de1e830ed09e

    e159824448a8e53425b38bd11030aa786c460f956c9d7fc118b212e8ced4087a

    3588bda890ebf6138a82ae2e4f3cd7234ec071f343c9f5db5a96a54734eeaf9f

    efc0d2c1e05e106c5c36160e17619a494676deb136fb877c6d26f3adf75a5777

    d1825cd7a985307c8585d88d247922c3a51835f9338dc76c10cdbad859900a03

    02ab315e4e3cf71c1632c91d4914c21b9f6e0b9aa0263f2400d6381aab759a61

    6f6f7aa6144a1cfe61ac0a80db7ad712440bdc5730644e05794876eb8b6a41b4

    bab01d029556cf6290f6f21fec5932e13399f93c5fdbcffd3831006745f0eb83

    f7f6d0afb300b57c32853d49ff50650f5d1dc7cf8111aa32ff658783c038bfe5

    497a326c6c207c1fb49e4dad81d051fcf6bcbe047e0d3fe757c298ef8fe99aba

    f9eb34c34e4a91630f265f12569f70b83feba039c861d6bf906b74e7fb308648

    dd832c8e30ed50383495d370836688ee48e95334270cbbce41109594cb0c9fd1

    f7b52ee613f8d4e55a69f0b93aa9aa5472e453b0c458c8390db963ff8b0b769c

    b994cbc1b5c905a2b731e47b30718c684521e8ec6afb601afecf30ef573e5153

    12d4efe2b21b5053a3a21b49f25a6a4797dc6e9a80d511f29ca67039ba361f63

    2272925b1e83c7c3ab24bdeb82ce727db84f5268c70744345cda41b452c49e84

    71eb5115e8c47fff1ab0e7acebaea7780223683259a2bb1b8db1eb3f26878ca4

    a774244ea5d759c4044aea75128a977e45fd6d1bb5942d9a8a1c5d7bff7e3db9

    31742ab79932af3649189b9287730384215a8dccdf21db50de320da7b3e16bb4

    d47e35baee57eb692065a2295e3e9de40e4c57dba72cb39f9acb9f564c33b421

    1753fa34babeeee3b20093b72987b7f5e257270f86787c81a556790cb322c747

    5b0f8c650f54f17d002c01dcc74713a40eccb0367357d3f86490e9d17fcd71e8

    95eee44482b4226efe3739bed3fa6ce7ae7db407c1e82e988f27cd27a31b56a6

    234899dea0a0e91c67c7172204de3a92a4cbeef37cdc10f563bf78343234ad1d

    8d440c5f0eca705c6d27aa4883c9cc4f8711de30fea32342d44a286b362efa9a

    ffb8db57b543ba8a5086640a0b59a5def4929ad261e9f3624b2c0a22ae380391

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1

    sha256hash IN ("09cea8aed5c58c446e6ef4d9bb83f7b5d7ba7b7c89d4164f397d378832722b69","b7690c0fc9ec32e1a54663a2e5581e6260fe9318a565a475ee8a56c0638f38d0","7ef22bfb6b2b2d23fe026bdfd7d2304427b6b62c6f9643efeddb4820ebf865af","f4ea99dc41cb7922d01955eef9303ec3a24b88c3318138855346de1e830ed09e","e159824448a8e53425b38bd11030aa786c460f956c9d7fc118b212e8ced4087a","3588bda890ebf6138a82ae2e4f3cd7234ec071f343c9f5db5a96a54734eeaf9f","efc0d2c1e05e106c5c36160e17619a494676deb136fb877c6d26f3adf75a5777","d1825cd7a985307c8585d88d247922c3a51835f9338dc76c10cdbad859900a03","02ab315e4e3cf71c1632c91d4914c21b9f6e0b9aa0263f2400d6381aab759a61","6f6f7aa6144a1cfe61ac0a80db7ad712440bdc5730644e05794876eb8b6a41b4","bab01d029556cf6290f6f21fec5932e13399f93c5fdbcffd3831006745f0eb83","f7f6d0afb300b57c32853d49ff50650f5d1dc7cf8111aa32ff658783c038bfe5","497a326c6c207c1fb49e4dad81d051fcf6bcbe047e0d3fe757c298ef8fe99aba","f9eb34c34e4a91630f265f12569f70b83feba039c861d6bf906b74e7fb308648","dd832c8e30ed50383495d370836688ee48e95334270cbbce41109594cb0c9fd1","f7b52ee613f8d4e55a69f0b93aa9aa5472e453b0c458c8390db963ff8b0b769c","b994cbc1b5c905a2b731e47b30718c684521e8ec6afb601afecf30ef573e5153","12d4efe2b21b5053a3a21b49f25a6a4797dc6e9a80d511f29ca67039ba361f63","2272925b1e83c7c3ab24bdeb82ce727db84f5268c70744345cda41b452c49e84","71eb5115e8c47fff1ab0e7acebaea7780223683259a2bb1b8db1eb3f26878ca4","a774244ea5d759c4044aea75128a977e45fd6d1bb5942d9a8a1c5d7bff7e3db9","31742ab79932af3649189b9287730384215a8dccdf21db50de320da7b3e16bb4","d47e35baee57eb692065a2295e3e9de40e4c57dba72cb39f9acb9f564c33b421","1753fa34babeeee3b20093b72987b7f5e257270f86787c81a556790cb322c747","5b0f8c650f54f17d002c01dcc74713a40eccb0367357d3f86490e9d17fcd71e8","95eee44482b4226efe3739bed3fa6ce7ae7db407c1e82e988f27cd27a31b56a6","234899dea0a0e91c67c7172204de3a92a4cbeef37cdc10f563bf78343234ad1d","8d440c5f0eca705c6d27aa4883c9cc4f8711de30fea32342d44a286b362efa9a","ffb8db57b543ba8a5086640a0b59a5def4929ad261e9f3624b2c0a22ae380391")
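    The query above is a pure hash-membership test, so the same detection can be reproduced outside the SIEM for triage of exported telemetry or for checking that an ingested indicator list survived intact. The following Python is an added example, not Gurucul's or Talos's code: it carries the page's 29 SHA-256 indicators, normalises hash case before matching (endpoint agents frequently report digests in upper case), runs the match over a few constructed `Key=Value` process-creation events (the `Computer`, `Image` and `Hashes=SHA256=...` field names are assumptions modelled loosely on Sysmon, and the sample lines are fabricated), and rebuilds the `sha256hash IN (...)` query string in the form shown above.

```python
"""Apply the advisory's SHA-256 indicators to process-creation telemetry.

Added example, not the page's own code. The event format is a constructed
'Key=Value' line; adapt parse_event() to what your telemetry really emits.
"""
import re
from typing import Iterable, Iterator, NamedTuple

# The 29 SHA-256 indicators published on this page, in the page's order.
UAT5918_SHA256_LIST = (
    "09cea8aed5c58c446e6ef4d9bb83f7b5d7ba7b7c89d4164f397d378832722b69",
    "b7690c0fc9ec32e1a54663a2e5581e6260fe9318a565a475ee8a56c0638f38d0",
    "7ef22bfb6b2b2d23fe026bdfd7d2304427b6b62c6f9643efeddb4820ebf865af",
    "f4ea99dc41cb7922d01955eef9303ec3a24b88c3318138855346de1e830ed09e",
    "e159824448a8e53425b38bd11030aa786c460f956c9d7fc118b212e8ced4087a",
    "3588bda890ebf6138a82ae2e4f3cd7234ec071f343c9f5db5a96a54734eeaf9f",
    "efc0d2c1e05e106c5c36160e17619a494676deb136fb877c6d26f3adf75a5777",
    "d1825cd7a985307c8585d88d247922c3a51835f9338dc76c10cdbad859900a03",
    "02ab315e4e3cf71c1632c91d4914c21b9f6e0b9aa0263f2400d6381aab759a61",
    "6f6f7aa6144a1cfe61ac0a80db7ad712440bdc5730644e05794876eb8b6a41b4",
    "bab01d029556cf6290f6f21fec5932e13399f93c5fdbcffd3831006745f0eb83",
    "f7f6d0afb300b57c32853d49ff50650f5d1dc7cf8111aa32ff658783c038bfe5",
    "497a326c6c207c1fb49e4dad81d051fcf6bcbe047e0d3fe757c298ef8fe99aba",
    "f9eb34c34e4a91630f265f12569f70b83feba039c861d6bf906b74e7fb308648",
    "dd832c8e30ed50383495d370836688ee48e95334270cbbce41109594cb0c9fd1",
    "f7b52ee613f8d4e55a69f0b93aa9aa5472e453b0c458c8390db963ff8b0b769c",
    "b994cbc1b5c905a2b731e47b30718c684521e8ec6afb601afecf30ef573e5153",
    "12d4efe2b21b5053a3a21b49f25a6a4797dc6e9a80d511f29ca67039ba361f63",
    "2272925b1e83c7c3ab24bdeb82ce727db84f5268c70744345cda41b452c49e84",
    "71eb5115e8c47fff1ab0e7acebaea7780223683259a2bb1b8db1eb3f26878ca4",
    "a774244ea5d759c4044aea75128a977e45fd6d1bb5942d9a8a1c5d7bff7e3db9",
    "31742ab79932af3649189b9287730384215a8dccdf21db50de320da7b3e16bb4",
    "d47e35baee57eb692065a2295e3e9de40e4c57dba72cb39f9acb9f564c33b421",
    "1753fa34babeeee3b20093b72987b7f5e257270f86787c81a556790cb322c747",
    "5b0f8c650f54f17d002c01dcc74713a40eccb0367357d3f86490e9d17fcd71e8",
    "95eee44482b4226efe3739bed3fa6ce7ae7db407c1e82e988f27cd27a31b56a6",
    "234899dea0a0e91c67c7172204de3a92a4cbeef37cdc10f563bf78343234ad1d",
    "8d440c5f0eca705c6d27aa4883c9cc4f8711de30fea32342d44a286b362efa9a",
    "ffb8db57b543ba8a5086640a0b59a5def4929ad261e9f3624b2c0a22ae380391",
)

# Lower-cased set for O(1) membership tests; agents often report hashes in upper case.
UAT5918_SHA256 = frozenset(h.lower() for h in UAT5918_SHA256_LIST)


class Match(NamedTuple):
    host: str
    image: str
    sha256: str


_KV_RE = re.compile(r"(\w+)=(\S+)")                 # Key=Value pairs, values without spaces
_SHA256_RE = re.compile(r"SHA256=([0-9a-fA-F]{64})")  # pull the SHA-256 out of a Hashes value


def parse_event(line: str) -> dict:
    """Split one constructed 'Key=Value Key=Value' event line into a dict."""
    return dict(_KV_RE.findall(line))


def find_matches(lines: Iterable[str]) -> Iterator[Match]:
    """Yield a Match for every event whose SHA-256 is on the indicator list."""
    for line in lines:
        ev = parse_event(line)
        m = _SHA256_RE.search(ev.get("Hashes", ""))
        if m is None:
            continue                        # this event carries no SHA-256 at all
        digest = m.group(1).lower()         # normalise case before the lookup
        if digest in UAT5918_SHA256:
            yield Match(ev.get("Computer", "?"), ev.get("Image", "?"), digest)


def to_tdir_query(field: str = "sha256hash") -> str:
    """Render the indicator list as the `<field> IN ("...","...")` query form used above."""
    quoted = ",".join(f'"{h}"' for h in UAT5918_SHA256_LIST)
    return f"{field} IN ({quoted})"


# Constructed sample telemetry (fabricated hosts and paths): one hit reported in upper
# case, one benign process with a made-up digest, one hit, and one event with no hash.
SAMPLE_EVENTS = [
    r"Computer=WEB01 Image=C:\inetpub\wwwroot\tmp\svc.exe Hashes=SHA256="
    + UAT5918_SHA256_LIST[0].upper() + ",MD5=" + "0" * 32,
    r"Computer=WEB01 Image=C:\Windows\System32\svchost.exe Hashes=SHA256=" + "a" * 64,
    r"Computer=DB02 Image=C:\Users\Public\m.exe Hashes=MD5=" + "1" * 32
    + ",SHA256=ffb8db57b543ba8a5086640a0b59a5def4929ad261e9f3624b2c0a22ae380391",
    r"Computer=DB02 Image=C:\Temp\x.exe",
]

if __name__ == "__main__":
    for hit in find_matches(SAMPLE_EVENTS):
        print(f"ALERT host={hit.host} image={hit.image} sha256={hit.sha256}")
```

    Hash indicators of this kind are brittle by nature: a rebuilt binary changes the digest, so the match is a high-confidence, low-coverage signal and should sit alongside the behavioural detections the summary points to (web shell drops under web-server directories, new local administrator accounts, RDP logons from freshly compromised hosts).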

    Reference:

    https://blog.talosintelligence.com/uat-5918-targets-critical-infra-in-taiwan/

    Tags

    Vulnerabilities, Threat Actor, UAT-5918, APT, Taiwan, Critical Infrastructure, Reconnaissance
